When you audit the non-global zones exactly as the global zone is
audited, the audit service runs in the global zone. The service
collects audit records from the global zone and all the non-global zones. The
non-global zone administrators might not have access to the audit records.

Note - The global zone administrator can choose to modify the audit masks of
users in non-global zones.

When you audit the non-global zones individually, a separate audit service runs
in each zone that is audited. Each zone collects its own audit
records. The records are visible to the non-global zone and the global
zone.

Later, if you change one of these files in the global zone,
you re-copy the file to the non-global zones.

The non-global zones are audited when the audit service is enabled in
the global zone.

Example 30-19 Loopback Mounting Audit Configuration Files

In this example, the system administrator has modified the audit_class, audit_event, and
audit_warn files.

The audit_warn file is read in the global zone only, so does
not have to be loopback mounted into the non-global zones.

On this system, machine1, the administrator has created two non-global zones, machine1–webserver and
machine1–appserver. The administrator has finished modifying the audit configuration files. If the
administrator later modifies the files, the zone must be rebooted to re-read
the loopback mounts.